On start screen in Softphone window, I show with our own OAuth provider login page. After login, the provider redirects to specified in URL callback address.

Firstly, I decided to use a fake return URL like "https://localhost:55577/AuthPage.html" and thought to handle iframe onload event to take query parameters with the access token. But I found out that Salesforce doesn't allow access to iframe.contentWindow.location.href property from security reasons.

Now I have two options: use my VisualForce page as a callback destination or host callback destination html page on our hosting.

What is the best practice to use with External OAuth providers from Salesforce if I have already authorized in Salesforce and simply want to get access token to my external service?